Is there a risk in sending the username in a password reset email?

No, there should be absolutely no security risk with this approach.

Usernames are public information and should be treated as such.

EDIT

@Polynomial pointed out a key fact I left out. My advice doesn't apply if the username in question is some piece of sensitive information like a SS number.

Is there a risk in sending the username in a password reset email?

Tags:

Passwords

Password Management

Password Reset

Related

Recent Posts